ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 8.141.123.117:50001.
Database Entry
| IOC ID: | 1845974 |
|---|---|
| IOC: | 8.141.123.117:50001 |
| IOC Type : | ip:port |
| Threat Type : | botnet_cc |
| Malware: | Cobalt Strike |
| Malware alias: | Agentemis, BEACON, CobaltStrike, cobeacon |
| Confidence Level : | Confidence level is elevated (75%) |
| Is compromised? : | False |
| ASN: | AS37963 ALIBABA-CN-NET |
| Country: | CN |
| First seen: | 2026-07-07 08:21:12 UTC |
| Last seen: | never |
| UUID: | 75f89d5c-79db-11f1-97fa-42010aa4000a |
| Reporter | |
| Reward |
10 credits from anonymous |
| Tags: | c2 CobaltStrike |
navneeet
Live Cobalt Strike Team Server identified. The server presents the default self-signed certificate with the default distinguished name (O=cobaltstrike, CN=Major Cobalt Strike), serial number 7529EE2F, and SHA-1 fingerprint F507F103395AA95C7452262D37F124BСВЗЕС9ЕВ0. The certificate is valid until 2026-07-13 and was retrieved in read-only mode. The host currently has limited detection on VirusTotal (2/1) and is not listed in ThreatFox. It is hosted on Alibaba Cloud (AS37963) in China.Hunted via automated infrastructure fingerprinting using Claude Code-assisted workflows.
CN